Is a security breach the most effective driver of change?

In my world, it's not until an accident happens that the behavior changes. When someone’s financial account gets entirely drained and the rest of the org finds out about it. Or when people find out, not just that their information was stolen, but that it was posted on the dark web. Then it’s, "Oh, I should pay attention to this." I think unfortunately, in some cases, an accident needs to happen for the behavior to change.

Anonymous Author
In my world, it's not until an accident happens that the behavior changes. When someone’s financial account gets entirely drained and the rest of the org finds out about it. Or when people find out, not just that their information was stolen, but that it was posted on the dark web. Then it’s, "Oh, I should pay attention to this." I think unfortunately, in some cases, an accident needs to happen for the behavior to change.
2 upvotes
Anonymous Author
The best thing is when you can build that business case to show you've got value that you can drive to the business. We need to be compliant with SOX and TISAX, etc., for example. There are a lot of zeros involved in that. Without that business case, every wonderful new tool is going to be really hard to justify. But from an AI or data standpoint, maybe 90-98% of it is all data.
1 upvotes
Anonymous Author
Ask it like this? Is cancer the most effective driver of smoking cessation? No. Research shows that about a third of lung cancer survivors will resume smoking. As to information security, the most effective driver of change is a company that is proactive with security and understands it benefits.
2 upvotes
Anonymous Author
It opens the door to implement new technologies and usually increases the security budget. Now how you use the extra budget/approvals for purchase is of utmost importance and directly correlated to your chances of preventing the next breach
1 upvotes
Anonymous Author
Not always. I'd say when it comes to security specifically, hearing about it from someone trusted who has experienced the event first hand, it's the risk of a major beach, (vs the aftermath of the breach) that fuels the need for change.
2 upvotes